1. Field of the Invention
The present invention relates to a wireless communication apparatus, a recording medium, and a method.
2. Description of the Related Art
Recently, more and more protocols have been proposed for a simple setup of wireless LAN connection to reduce its troublesome installation step. Currently, as such simple setup protocols, two methods have become popular: one is a PIN method in which a PIN code, which is known only to (accessible only by) a user having valid authority, is used for authentication between apparatuses; and the other is a push-button method.
Especially, in the push-button method, it is possible to eliminate troublesome data input, and it is further possible to easily apply to an electronic device such as a home electrical appliance having no user interface for data input. Due to these features, the push-button method if expected to be used in various applications.
In this regard, Japanese Laid-open Patent Publication No. 2008-283422 (Patent Document 1) discloses a method in which a secure connection is established between a printer and a camera based on a Push Button Configuration protocol of a Wi-Fi Protected Setup (WPS), the protocol having been standardized by IEEE 802.11.
In the following, the WPS push button method is briefly described with reference to FIG. 1. In WPS, a function to provide configuration data (setting data) necessary for the secure connection is called a “registrar”. Meanwhile, a function to set communication parameters which are provided from the “registrar” is called an “enrollee”.
The WPS protocol sequence is divided into three main phases. In the first phase, a temporary connection (for plain text) is established between first and second apparatuses, via a probe request and open authentication, when, after a predetermined time period (e.g., from several tens of seconds to several minutes) has passed since a push button of the first apparatus is pressed, a push button of the second apparatus is pressed.
Next, in the second phase, the configuration data are shared which is necessary for the authentication and secure connection based on an EAP-WSC protocol. In the EAP-WSC protocol, to make it possible to share an encryption key by using a communication line on which no security is ensured, a Diffie-Hellman key exchange (hereinafter simplified as “DH”) algorithm is employed.
After the enrollee and registrar mutually transmit respective public keys to each other, the enrollee and registrar generate a passphrase (secret key), which is to be commonly used between the enrollee and registrar, based on the confidential information of the enrollee and registrar and the public key received from the registrar and enrollee, respectively.
Finally, in the third phase, based on the WPA protocol, after an encryption key is generated and shared using a predetermined algorithm based on the passphrase generated in the second phase, both the enrollee and registrar encrypt respective communication data using the encryption key (secret key) which is common between the enrollee and registrar. By doing this, a secure connection is established.
However, it is known that “DH”, which is used in the second phase, is vulnerable to a man-in-the-middle attack. To eliminate this vulnerability, it is necessary to carry out some kind of mutual authentication between the enrollee and registrar. In this regard, in the WPS push button method, the authentication indicating that the other part is valid (correct) is achieved based on a fact that the push buttons (of the enrollee and registrar) are pressed within the same time period (i.e., a fact that one party knows when the other party pushes the button).
Specifically, in response to the press down of the push button of the enrollee, the enrollee apparatus transmits a predetermined authentication code to the other party, and the registrar apparatus, where the push button of the registrar apparatus is pressed in the same time period when the push button of the enrollee apparatus is pressed, compares the authentication code received from the enrollee apparatus and the authentication code of the registrar apparatus.
However, the authentication code used in the push button method is typically a fixed value. Furthermore, in many cases, the authentication code is made public (disclosed) in the specification manual or the like. Therefore, it is not possible to completely eliminate the risk of a man-in-the-middle attack by a malicious third party.
The present invention is made in light of the above problem, and may provide a wireless communication apparatus, a recording medium, and a method capable of appropriately reducing a security risk in a wireless LAN connection setting.